https://pulumi.com logo
Title
c

chilly-analyst-14900

09/07/2022, 8:01 PM
Q about azure-native: KeyVault & Certificates. I’ve created a cert in a KeyVault, which I can fetch via
GetSecret.Invoke()
. But I don’t see any function to retrieve the Certificate (I need the thumbprint, for example. Any ideas?
I can get it by running
az keyvault certificate show --vault <vault> -n <certName> --query "x509ThumbprintHex" -o tsv
what would be the easiest way to do the same in Pulumi?
Oo, just found
Pulumi.Command
had a stdout. Resolves my issue.
var getThumb = new Command("getThumb", new CommandArgs
{
    Create = "az keyvault certificate show --vault $VAULT -n $NAME --query \"x509ThumbprintHex\" -o tsv",
    Environment =
    {
        { "NAME", certName },
        { "VAULT", vault.Name },
    },
});
m

melodic-tomato-39005

09/08/2022, 6:35 PM
Retrieving the values of secrets, including certs, is not available through Pulumi since this is a data-plane operation. See this (pretty hidden) note on https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/getsecret/#secretpropertiesresponse:
Users should use the data-plane REST service for interaction with vault secrets.
Glad you found another way. Using the Azure SDK would be another one.
👍 2
c

chilly-analyst-14900

09/12/2022, 5:50 PM
Makes sense. And thanks for the tip on Azure SDK — I guess that makes a lot more sense that parsing stdout 😄